54 General Data Protection Regulation (GDPR) Preparedness PDF 279 KB
Report by the Chief Operating Officer.
Minutes:
54.1 The Committee considered a report by the Chief Operating Officer, with a presentation by the Information Manager. A copy of the presentation is in the Minute Book.
54.2 The key changes introduced by the new legislation were set out. Information for Members will be developed to address their particular concerns, with regard to information processed by the Council and information processed for political purposes.
54.3 Members asked questions about use of personal email accounts, and the development of contact lists. They were advised of the enhanced cyber-security available by using “@eastsussex.gov.uk” email addresses (to reduce the risk of data loss) and that explicit consent should be sought from individuals before adding them to a contact or distribution list. Existing lists should be reviewed.
54.4 Attention was drawn to the Privacy Impact Assessments (PIAs) and Members were advised to exercise caution when passing requests for action onto officers, especially in the form of emails.
54.5 Members were reassured that the authority is compliant with existing Data Protection requirements, and so should already be broadly compliant with the new requirements.
54.6 Members explored the possibility of offering an information and guidance service to small organisations (such as Parish Councils and schools) that may lack the in-house expertise to address the new requirements. It was suggested that this could be offered commercially, and also charge a fee for acting as the Data Protection Officer.
54.7 The Committee RESOLVED to note the presentation.